We claim:

1. A network processing system for enforcing network policies on a
network, the network consisting of multiple data packets, the data packets forming a 
plurality of flows, the network processing system comprising: 

a network interface operable to receive data packets from the network and 
further operable to send processed data packets back onto the network; and 

a processing engine in communication with the network interface, the 
processing engine operable to associate each data packet with an identifier, wherein 
the identifier is associated with the flow of which the data packet is part, the 
processing engine further operable to compare each flow to a database stored in the 
processing engine, the database storing information on a set of programmable network 
policies, the set of programmable network policies determining a treatment for each 
flow, such that the processing engine is able to modify and direct the data packets 
according to the treatment indicated. 

2. The network processing system of Claim 1 further comprising a second 
processing engine, wherein each processing engine is unidirectional in the opposite 
direction thereby creating a bi-directional network processing system. 

3. The network processing system of Claim 1 wherein the processing 
engine maintains a state for one or more flows, the state associated with each flow 
using the identifier. 

4. The network processing system of Claim 3 wherein the state existing 
for the particular flow at the time a new packet belonging to the particular flow is 
examined is used in conjunction with the database to determine the treatment. 

5. The network processing system of Claim 1 wherein the processing 
engine is able to examine the entire contents of each packet. 

6. The network processing system of Claim 1 wherein the programmable
network policies are programmed at a separate server and downloaded into the
network processing system in the form of an image file.

7. The network processing system of Claim 1 wherein the set of
programmable network policies are stored as signatures in a signature memory.

8. The network processing system of Claim 1 wherein the processing
engine includes a header preprocessor for examining header information in the packet,
a content processor for comparing the packet to the database and determining a
treatment, and a quality of service processor for modifying the packet and directing
the packet according to the treatment.

9. The network processing system of Claim 8 wherein each processing
engine further includes a microprocessor for supplemental operations.

10. A network processing system for enforcing network policies on a
network, the network consisting of a plurality of data packets, the plurality of data
packets forming a plurality of flows, the network processing system comprising:

at least one left line interface operable to receive data packets from the
network and to send processed data packets onto the network;

at least one right line interface operable to receive data packets from the
network and to send processed data packets onto the network;

a right processing engine receiving data packets from the left interface, and
sending processed data packets to the right line interface; and

a left processing engine receiving data packets from the right interface, and
sending processed data packets to the left line interface;

each of the right and left processing engines further comprising:

a traffic flow processor processing the data packets to associate each
data packet with a particular flow, to maintain state for a subset of flows, and
to compare each flow to a database of network policies, the database of
network policies indicating a treatment for the data packets of each flow;

a quality of service processor communicating with the traffic flow
processor and receiving the treatment from the traffic flow processor
instructing the quality of service processor how to modify the contents of the
data packet and which quality of service to give the data packet.

11. The network processing system of Claim 10 further comprising a
management module connected with the left and the right processing engines through
a bus interface, the management module including a microprocessor able to
communicate with the left and the right processing engines.

12. The network processing system of Claim 10 wherein the left and the
right processing engines exchange information concerning flows.

13. The network processing system of Claim 10 wherein the traffic flow
processor is comprised of a header preprocessor and a content processor, the header
preprocessor operable to examine header information for each packet, and the content
processor operable to compare the packet with the database of network policies.

14. The network processing system of Claim 10 wherein the database of
network policies is a memory image of signatures, the signatures forming the network
policies.

15. The network processing system of Claim 10 wherein the state existing
for the particular flow at the time a new packet belonging to the particular flow is
examined is used in conjunction with the database to determine the treatment.

16. The network processing system of Claim 10 wherein the
programmable network policies are programmed using a management interface on a
separate server and downloaded into the network processing system in the form of an
image file.

17. The network processing system of Claim 16 wherein the management
interface also acts to retrieve statistical and event information from the network
processing system.

18. The network processing system of Claim 10 wherein the left and right
processing engines further comprise a microprocessor for supplemental processing
operations.

19. A network processing system and management interface for enforcing
network policies on a network, the network consisting of a plurality of data packets
forming a plurality of flows, the network processing system comprising:

at least one network processing system operable to process network traffic,
each network processing system further comprising:

a network interface operable to receive data packets from the network
and further operable to send processed data packets back onto the network;
and

a processing engine in communication with the network interface, the
processing engine operable to associate each data packet with an identifier,
wherein the identifier is associated with the flow to which the data packet
belongs, the processing engine further operable to compare each flow to a
database stored in the processing engine, the database storing information on a
set of programmable network policies, the set of programmable network
policies determining a treatment for each flow, such that the processing engine
is able to modify and direct the data packets according to the treatment
indicated; and

a management interface to control each network processing system
programmed on a separate server in communication with each network
processing system, the management interface including a programming
interface to allow a user to program each network processing system, an image
builder to convert the program into an image that can be loaded into the
appropriate network processing system, and an interface program operable to
communicate with and to send the image file to the appropriate network
processing system.

20. The network processing system and management interface of Claim 19
wherein the management interface is further operable to retrieve statistical and event
information from each of the network processing systems.

21. The network processing system and management interface of Claim 19
wherein the image includes source files used to create the image.

22. The network processing system and management interface of Claim 19
wherein the network processing system further includes a management module in
communication with the processing engine and the management interface.

23. The network processing system and management interface of Claim 19 
wherein the network processing system further comprises a second processing engine, 
wherein each processing engine is unidirectional in the opposite direction thereby 
creating a bi-directional network processing system. 